CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-26494

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.1%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://docs.keyfactor.com/signserver/
https://support.keyfactor.com/hc/en-us/articles/15618125602715-Security-Advisory-SignServer-Cross-site-scripting-issue-in-Admin-Web
https://doc.primekey.com/signserver
https://support.primekey.com/news/posts/signserver-security-advisory-cross-site-scripting-issue-in-admin-web

Products affected by CVE-2022-26494

Primekey » Signserver » Version: Any

cpe:2.3:a:primekey:signserver:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26494

Products

Pricing

Contact Us